Risk Assessment Help

Understanding your Risk Assessment report

Once you’ve run a report using our Risk Assessment Tool, you will receive a score that tells you how many areas you have passed and how many you have failed.

If you did not pass all the checks, the report will tell you what you can do to fix them. There is some guidance within the report, but you may find the further guidance in this guide helpful.

1. The auto-run feature should be disabled

The auto-run feature on Windows allows programmes to start automatically when an external device is connected to your system. Malicious software on such a device can exploit this, giving viruses, malware or other malicious software an easy route into your systems.

We recommend you disable the auto-run feature on all of your computers in order to prevent unwanted programmes from automatically starting.

On Windows 10, you can disable the auto-run feature using the following procedure:

  1. Click on the Windows button and select "Settings".
  2. Type "AutoPlay" into the "find a setting" search box.
  3. Click on the "AutoPlay settings" option in the search results.
  4. Change the "Use AutoPlay for all media and devices" setting to show "Off".

You can disable the auto-run feature for an entire Windows domain using the following procedure:

  1. On a Windows domain controller, press the Windows key and "R" (or click on the Start button and open the "Run" box).
  2. Enter "gpmc.msc" to run the group policy editor.
  3. Right click on the "Default Domain Policy" entry for your domain, then select "Edit" from the menu.
  4. Expand "Computer Configuration", then "Policies", then "Administrative Templates", then "Windows Components" and finally "AutoPlay Policies".
  5. Double click on the "Turn off AutoPlay" policy.
  6. Select "Enabled" and then click on the "OK" button.
  7. Close all the windows.
  8. The next time group policy is applied, such as when users log on, the new policy setting will take effect.
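After applying either procedure, it is worth confirming the setting actually took effect. The following PowerShell script is an added example (not part of this guide or the Risk Assessment Tool) that reads the registry values behind the two settings described above: the per-user "Use AutoPlay for all media and devices" toggle and the machine-wide "Turn off AutoPlay" policy. It assumes an English Windows 10 system and that the settings live in their usual registry locations; run it in an elevated PowerShell prompt.

```powershell
# Added example: audit whether AutoPlay/AutoRun is switched off for the
# current user and machine-wide. Assumes the standard registry locations
# used by the Settings app and the "Turn off AutoPlay" group policy.

# Per-user toggle written by "Use AutoPlay for all media and devices" = Off.
# A value of 1 means AutoPlay is disabled; absent or 0 means it is still on.
$userPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\AutoplayHandlers'
$userOff  = (Get-ItemProperty -Path $userPath -Name 'DisableAutoplay' -ErrorAction SilentlyContinue).DisableAutoplay

# Machine-wide policy written by "Turn off AutoPlay" = Enabled, "All drives".
# The bit mask 0xFF (255) disables AutoRun on every drive type; a smaller
# mask (or no value at all) leaves some drive types able to auto-run.
$policyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policyMask = (Get-ItemProperty -Path $policyPath -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue).NoDriveTypeAutoRun

$checks = [ordered]@{
    'Current user: AutoPlay disabled'                 = ($userOff -eq 1)
    'Machine policy: AutoRun off for all drive types' = ($policyMask -eq 0xFF)
}

# Print one PASS/FAIL line per check, mirroring the report's wording.
foreach ($check in $checks.GetEnumerator()) {
    $status = if ($check.Value) { 'PASS' } else { 'FAIL' }
    '{0,-50} {1}' -f $check.Key, $status
}
```

If the domain policy check fails shortly after editing group policy, run `gpupdate /force` on the machine and re-run the script, since the new setting is only written at the next policy refresh.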

2. The personal firewall feature should be enabled (Windows and Linux)

Use the following procedures to enable your personal firewall:

  • On Windows, follow these steps.
  • On Linux the procedure to enable a firewall will differ depending on the Linux distribution and version. On RHCE / CentOS version 7, follow these steps.

4. The minimum password length policy should be at least 8 characters

If your password is not secure, an attacker could easily log into your systems. Passwords should be complex enough to make it difficult for someone to gain entry.

Passwords that are longer, not dictionary words and contain a mix of upper and lower case characters and numbers are considered more secure.

A minimum password length policy can be set on individual Windows systems using "Local Security Policy", or for an entire Windows domain network using the "Group Policy Management Console". To set the minimum password length for individual Windows systems, use the following procedure:

  1. On Windows 10, click on "Start", "All Apps", "Windows Administrative Tools" and then on "Local Security Policy". On older versions of Windows, click on "Start", "Programs", "Administrative Tools" and then on "Local Security Policy".
  2. Expand "Account Policies" and then "Password Policy".
  3. Double click on the "Minimum Password Length" entry and enter a value of 8 or more before clicking on "OK".

For Windows domains you can set the minimum password length policy for all users in the domain using the following procedure:

  1. On a Windows Active Directory server (or your Small Business Server), run "gpmc.msc" (Group Policy Management Console).
  2. Right-click on the "Default Domain Policy" for your domain and select "Edit".
  3. Expand "Computer Configuration", "Policies", "Windows Settings", "Security Settings", "Account Policies" and finally "Password Policy".
  4. Double click on the "Minimum password length" entry and enter a value of 8 or more before clicking on "OK".
  5. The next time group policy is applied, such as when a user login occurs, the policy will be applied.

Use the following procedures to force a minimum password length:

  • On Windows, follow these steps to set a minimum password length policy.
  • On Linux the procedure to set a minimum password length restriction may vary. On RHCE / CentOS, follow these steps.

5. The maximum password age should be 60 days

Use the following procedures to force a maximum password age:

  • On Windows, follow these steps to set a maximum password age policy.
  • On Linux the procedure to set a maximum password age may vary. On RHCE / CentOS, follow these steps.
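To confirm that both password checks (minimum length of at least 8 characters, maximum age of no more than 60 days) are met on a Windows machine, the following PowerShell script is an added example (not part of this guide or the Risk Assessment Tool) that parses the output of the built-in `net accounts` command. It assumes an English-language Windows installation, because it matches the English labels in that output; on a workstation it reports the policy applying to local accounts, and on a domain controller the domain policy.

```powershell
# Added example: compare the effective password policy reported by
# "net accounts" against the Risk Assessment thresholds.
# Assumes English Windows (the labels below are matched literally).

$minLengthRequired = 8    # check 4: minimum password length
$maxAgeDaysAllowed = 60   # check 5: maximum password age

$lines = net accounts 2>$null
if (-not $lines) { throw 'Could not run "net accounts".' }

function Get-PolicyValue {
    param([string[]]$Text, [string]$Label)
    # Match the label at the start of a line and return whatever follows the colon.
    $pattern = '^' + [regex]::Escape($Label) + ':\s*(.+?)\s*$'
    foreach ($line in $Text) {
        if ($line -match $pattern) { return $Matches[1] }
    }
    return $null
}

# "Minimum password length" is distinct from "Minimum password age (days)";
# the escaped label plus the colon keeps the two from being confused.
$minLength = [int](Get-PolicyValue -Text $lines -Label 'Minimum password length')
$maxAgeRaw = Get-PolicyValue -Text $lines -Label 'Maximum password age (days)'

# "Unlimited" means passwords never expire, which fails the 60-day check.
$maxAgeOk = ($maxAgeRaw -match '^\d+$') -and ([int]$maxAgeRaw -le $maxAgeDaysAllowed)

$lengthStatus = if ($minLength -ge $minLengthRequired) { 'PASS' } else { 'FAIL' }
$ageStatus    = if ($maxAgeOk) { 'PASS' } else { 'FAIL' }

[pscustomobject]@{
    MinimumPasswordLength = $minLength
    MinimumLengthCheck    = $lengthStatus
    MaximumPasswordAge    = $maxAgeRaw
    MaximumAgeCheck       = $ageStatus
}
```

On a domain member the domain-wide policy can instead be read with `Get-ADDefaultDomainPasswordPolicy` from the ActiveDirectory module, which exposes `MinPasswordLength` and `MaxPasswordAge` directly.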

9. Set up automatic screen locking

Automatic screen locking should be set up to protect against an opportunist gaining access when your machine is unattended.

When setting this up, you will have the option of setting the amount of inactive time that the computer should wait before locking the screen. Best practice suggests that this should be no more than 10 minutes, but you may choose less time for computers in public areas.
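The following PowerShell script is an added example (not part of this guide or the Risk Assessment Tool) that checks whether a locking inactivity limit of at most 10 minutes is in force. It reads two places: the machine-wide "Interactive logon: Machine inactivity limit" security option, and the current user's screen saver settings, which only count if the screen saver is on, requires a password on resume, and has a timeout within the limit. It assumes the standard registry locations for those settings.

```powershell
# Added example: report whether automatic screen locking within 10 minutes
# (600 seconds) is configured, machine-wide and for the current user.
# Assumes the standard registry locations used by these Windows settings.

$maxIdleSeconds = 600

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value does not exist (never configured).
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Machine-wide limit: REG_DWORD in seconds; 0 or absent means no limit is enforced.
$machineLimit = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'InactivityTimeoutSecs'
$machineOk = ($null -ne $machineLimit) -and ($machineLimit -gt 0) -and ($machineLimit -le $maxIdleSeconds)

# Per-user screen saver: stored as strings, "1" = on, timeout in seconds.
$desktop      = 'HKCU:\Control Panel\Desktop'
$saverOn      = (Get-RegValue $desktop 'ScreenSaveActive')    -eq '1'
$saverLocks   = (Get-RegValue $desktop 'ScreenSaverIsSecure') -eq '1'
$saverTimeout = [int](Get-RegValue $desktop 'ScreenSaveTimeOut')
$userOk = $saverOn -and $saverLocks -and ($saverTimeout -gt 0) -and ($saverTimeout -le $maxIdleSeconds)

$machineStatus = if ($machineOk) { 'PASS' } else { 'FAIL' }
$userStatus    = if ($userOk)    { 'PASS' } else { 'FAIL' }

[pscustomobject]@{
    MachineInactivityLimitSeconds = $machineLimit
    MachinePolicyCheck            = $machineStatus
    UserScreenSaverTimeoutSeconds = $saverTimeout
    UserScreenSaverCheck          = $userStatus
}
```

Either check passing is enough to meet the 10-minute guidance; the machine-wide limit is preferable because a user cannot switch it off.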

20. Opt-In for Microsoft Product updates

We recommend that the option to include other Microsoft products in automatic software updates is enabled.

This ensures that security updates for products such as Microsoft Office are installed automatically alongside Windows updates.

To opt-in for automatic updates, follow these instructions: https://support.microsoft.com/en-us/kb/306525